Cyberattacks are growing smarter and AI needs smarter data to keep up

Presented by GDIT

As cybersecurity threats escalate, the difference between containment and catastrophe often comes down to a matter of seconds. For government agencies, that speed to defend increasingly relies on artificial intelligence. AI is a core mission-enabling capability for cybersecurity analysts to detect anomalies, prioritize threats, and automate responses. But the effectiveness of those tools isn’t determined by the sophistication of the algorithm alone. It’s determined by the quality of the data fueling it.

“As adversaries scale their tactics, we have to level up too,” said Dr. Matthew McFadden, vice president of cyber at General Dynamics Information Technology (GDIT). “AI is going to help us, but only if we have the right foundation in place.”

That foundation is data. Agencies aiming to use AI for threat detection, risk scoring, or incident response need complete, trustworthy, and well-governed telemetry that can feed a range of tools, from behavioral analytics to endpoint monitoring to network defense. Without a strong data strategy, even the most advanced models will fall short.

AI Success Depends on Data

Government agencies are awash in data, but volume isn’t the same as value. To tap into the full potential of government data as reliable fuel for AI, agencies must first establish strategies, governance policies, and pipelines that ensure data is usable across platforms and in real time. Breaking down silos, improving data quality, and standardizing feeds are critical steps to transform chaotic data into actionable insights.

In cybersecurity, those insights translate directly into mission impact. “We can leverage data to prioritize risk, we can leverage it to look for outliers that could be an adversary,” McFadden said. “And in the event of a breach, we can leverage it to automate our response and remediate high-risk systems.”

That requires pulling from a wide array of sources: network logs, device telemetry, behavioral patterns, NetFlow data, IP and DNS telemetry, and even metadata about the data itself. The challenge isn’t a lack of information; it’s how to make that fragmented and fast-moving data coherent enough to drive decisions.

Industry leaders see the same issue.

“Cybersecurity has evolved into machine-speed data science,” said Stephan Mitchev, Splunk Field CTO. “As adversaries deploy AI-driven machine scale attacks, the best defense is knowledge – comprehensive telemetry with business context – delivered, analyzed, and acted upon in real-time.”

That perspective highlights a common barrier across government: while agencies generate enormous volumes of telemetry, too much of it remains locked away in separate systems. The inability to connect those streams limits the power of AI to act on threats in real time.

McFadden agreed, noting that “often data is in disparate environments, closed enclaves, or different cloud providers. If you don’t have access to the data, how can you act on it? It’s really important, from a top-down approach, that folks embrace information sharing.”

Recent federal directives echo that point, urging agencies to remove barriers that prevent data sharing and to invest in infrastructures that make data more accessible. The goal is to ensure AI can be applied consistently, securely, and at speed.

Turning Data into AI Fuel: Three Steps

McFadden outlined a three-step process for agencies looking to operationalize AI in cybersecurity:

  1. Assess the status quo. Take inventory of what data exists, its value, and how it’s currently used. “There’s a rationalization process of understanding what kind of data a solution has today, what is the value of that data, and how do we leverage it to act,” McFadden said. You likely don’t need it all. Some data can be irrelevant, reduce efficiency, and increase cybersecurity tooling costs. The sheer volume of trivial data may even slow defenses and delay effective decisions due to analysis overload.
  2. Move beyond the status quo to increase effectiveness. Once the data is inventoried, agencies must make it more usable. That doesn’t always mean more data — sometimes it means less. “Some agencies could be ingesting terabytes a day, but just because you’re ingesting that data doesn’t mean it’s all usable,” McFadden said. “Sometimes we need to right-size what data they’re centralizing because that impacts both cost and effectiveness.” Making key decisions based on the most relevant data should be the priority.
  3. Automate. Leverage the data to reduce risk and drive automation. Agencies need to define key metrics and establish baselines. “You have to have a baseline to improve over time,” McFadden said. “AI is going to help you, and it’s going to help you do better, but first you have to define what that ‘better’ is.” Automation is the only way to scale cyber defenses and keep up with the ever-increasing threats and adversarial use of AI.

For cyber analysts, “better” doesn’t mean replacing humans. It means freeing them to focus on priority analysis rather than chasing routine alerts. Human-machine teaming is key to ensuring effective automation.

“Without automation, the cybersecurity workforce is stuck in a reactive cycle,” McFadden said. “There’s a vast amount of threat data and a finite set of resources. Let’s really focus on allowing those teams to be most effective by focusing on critical and high risks and being more proactive in response.”

Building Toward Responsible AI in Cyber Defense

In that sense, AI becomes a force multiplier, taking on repetitive tasks that cause alert fatigue while amplifying the expertise of security teams.

McFadden’s advice to federal leaders is straightforward: embrace AI, but do it responsibly. “The reward outweighs the risk,” he said. “It allows us to level up teams and we can provide better correlations to help us reduce risk faster. But in order to do that, we have to make sure we apply AI most effectively and build an AI risk framework to use it safely and securely.”

As agencies invest in AI for cybersecurity, success won’t come from the flashiest model. It will come from the best-prepared data, the foundation that makes AI not only powerful, but dependable.

Learn more about how GDIT is helping government cyber analysts harness the full potential of their data. 

This content is made possible by our sponsor GDIT; it is not written by and does not necessarily reflect the views of Nextgov/FCW's editorial staff.
